24

My PHP container runs puppeteer to generate PDF. By generating a PDF document, it also creates two core dump files inside my container. I am not sure where they actually come from.

The host/server is CentOS 7.

I've checked following:

  1. No application error log, Browsershot/puppeteer is running without errors.
  2. No error log (e.g. segfault) found in /var/log/messages

I've tried to disable core dumps

By following Disable core dumps section of https://linux-audit.com/understand-and-configure-core-dumps-work-on-linux/, I've done:

  1. Adding following content to /etc/security/limits.conf
* soft core 0
* hard core 0

  1. Created a disable-core-dumps.sh by: echo “ulimit -c 0 > /dev/null 2>&1” > /etc/profile.d/disable-coredumps.sh

  2. Added following content to /etc/systemd/coredump.conf

[Coredump]

Storage=none
ProcessSizeMax=0

  1. And reboot the server and the container.

  2. I've also tried to set ulimit -c 0 inside the container (alpine)

None of the tricks above work for me. Everytime the puppeteer generates a PDF it always create two core dump files like below:

core.131 core.52

The core files look like:

Core dump file content

Can anyone helps me to disable the core dumps? Thanks a lot.

Jonathan
  • 538
  • 1
  • 6
  • 18
  • I think you need to disable the core dump on your Host not the container or run your container as previliged one – LinPy Jan 03 '20 at 10:46
  • @LinPy I've disabled the core dump on the host already by following https://linux-audit.com/understand-and-configure-core-dumps-work-on-linux. Tried disabling core dumps on both of host and container. None of them work. – Jonathan Jan 04 '20 at 04:23
  • 1
    If you'd like to find the root cause of these coredumps rather than disabling them, then I'd suggest you look more into puppeteer. Since puppeteer uses nodejs and the coredump has nodejs modules/libs in it, it seems that like a nodejs process that had a fault. There are some debugging options that can be used like disabling headless mode of puppeteer are enabling verbose logging. Here's a link for more info: https://github.com/puppeteer/puppeteer#debugging-tips. – ahasbini Jan 05 '20 at 17:10
  • try to edit /etc/security/limits.conf /etc/systemd/coredump.conf insitde container for example in Docker file that describes how to build the image – Ryabchenko Alexander Jan 06 '20 at 10:14
  • @ahasbini the weird thing is PDFs are perfectly generated. I enabled debug but couldn’t find anything useful. Just the core dumps. – Jonathan Jan 06 '20 at 18:05
  • Ok, then lets see what's in the coredump. Based on this link: https://www.javascriptjanuary.com/blog/nodejs-postmortem-debugging-for-fun-and-production, I think the proper way of doing it is like so: `lldb node -c ` and then enter `bt` and post the output in your question – ahasbini Jan 07 '20 at 12:30

3 Answers3

15

You have to start your container with the option --ulimit core=0 to disable coredumps.

Reference: https://docs.docker.com/engine/reference/commandline/run/#set-ulimits-in-container---ulimit

Example

On the host, temporarily set the coredump path to /tmp for verification:

echo '/tmp/core.%e.%p' | sudo tee /proc/sys/kernel/core_pattern

Start a container as usual and force a core dump:

docker run --rm -it bash
(inside the container)
# yes > /dev/null &
# kill -SIGABRT $(pidof yes)
# ls /tmp
(shows core.yes.<pid>)

Now, with --ulimit core=0:

docker run --ulimit core=0 --rm -it bash
(inside the container)
# yes > /dev/null &
# kill -SIGABRT $(pidof yes)
# ls /tmp
(No entries)
Philipp Ludwig
  • 3,758
  • 3
  • 30
  • 48
  • 1
    Thanks for the answer. I’m using compose and tried the ulimit config by setting soft and hard to 0. But still not working. Is the docker run —ulimit core=0 same as setting compose’s ulimit to 0? – Jonathan Jan 06 '20 at 18:03
  • I believe it should be added to the `entrypoint.sh`, in the same command that starts the php application – ahasbini Jan 07 '20 at 12:20
10

For those using docker-compose, in the .yml file set ulimits:

services:
    app:
        ulimits:
            core:
                hard: 0
                soft: 0
jimh
  • 1,651
  • 2
  • 15
  • 28
3

I had this problem too on the docker swarm service and --ulimit core=0 does not work in swarm service; I used the following command and it worked for me in docker swarm service!

sysctl -w kernel.core_pattern=/dev/null
Philipp Ludwig
  • 3,758
  • 3
  • 30
  • 48
iraj norouzi
  • 111
  • 8